Our experts have detected significant growth in complex malicious spam e-mails targeting organizations in various countries. The number of these malicious e-mails grew from around 3,000 in February 2022 to approximately 30,000 in March. So far, our technologies have detected malicious e-mails written in English, French, Hungarian, Italian, Norwegian, Polish, Russian, Slovenian and Spanish.

How cybercriminals infect victims' devices

Cybercriminals allegedly intercept active e-mail conversations on business matters and send the recipients an e-mail containing either a malicious file or a link, in order to infect their devices with a banking Trojan. Such a scheme makes those messages harder to detect and increases the chances that the recipient will fall for the trick. Some of the e-mails the cybercriminals send contain a malicious attachment; in other cases, the e-mail carries a link that leads to a file hosted on a legitimate, popular cloud-hosting service. Often, the malware is contained in an encrypted archive, with the password mentioned in the e-mail body. To convince users to open the attachment or download the file via the link, the attackers usually state that it contains some important information, such as a commercial offer. Our experts have concluded that these e-mails are being distributed as part of a coordinated campaign that aims to spread banking Trojans.

What kind of malware are the attackers using, and how dangerous is it?

In most cases, when a victim opens a malicious document, it downloads and launches the Qbot malware, but our experts have also observed that some of these documents download Emotet instead. Both malware strains are capable of stealing users' data, collecting information about an infected corporate network, spreading further within the network, and installing ransomware or other Trojans on other network devices. Qbot can also access and steal e-mails.

How to stay safe

To stay safe from attacks by Qbot and Emotet (or any other malware spreading via e-mail), we recommend the following:

Installing a reliable security solution at the mail gateway level — it will automatically filter out spam and malicious messages before end users even have a chance to make a mistake.

Providing your staff with basic cybersecurity hygiene training — it can teach them to spot cybercriminal behavior (for example, to know that a password sent in the same e-mail as the encrypted archive can serve only one purpose — to deceive antimalware technologies).

Conducting simulated attacks to ensure that your employees know how to distinguish phishing and malicious e-mails from genuine ones.

Using a security solution on every endpoint that is connected to the Internet. In that case, if your staff fall victim to an attack, it can prevent a file from opening or a malicious link from working.
The hack of Beanstalk is just the latest major compromise of a decentralized finance (DeFi) platform. In this podcast, Jennifer Fernick of NCC Group joins me to talk about why DeFi's security woes are much bigger than Beanstalk. The post Episode 237: Jacked on the Beanstalk – DeFi's Security Debt Runs Wide, Deep appeared first on The...
The U.S. Treasury Department has implicated the North Korea-backed Lazarus Group (aka Hidden Cobra) in the theft of $540 million from video game Axie Infinity's Ronin Network last month.
"Kaspersky experts have analyzed the ransomware and found a vulnerability that allows decrypting files of affected users via a known-plaintext attack," the company said today.
The campaign is currently active and relies on poisoning search results to push a website mimicking Microsoft's promotional page for Windows 11, to offer the information stealer.
The Synopsys report also details the pervasive risks posed by unmanaged open source, including security vulnerabilities, outdated or abandoned components, and license compliance issues.
Citizen Lab researchers identified evidence of HOMAGE, a previously-undisclosed iOS zero-click vulnerability used by NSO Group that was effective against some versions prior to 13.2.
To provide defense in depth, the principles of zero-trust architecture, as elaborated by NIST, need to be adopted in system design and operation. Data should be protected across all three phases of its lifecycle: at rest, in motion, and in use.
ZingoStealer targets multiple apps/wallets such as Chrome, Opera, TronLink, Zcash, Bitcoin, Armory, BitApp, and Nifty Wallet. Further, it attempts to steal various computer information such as IP, computer name, and OS version, among others.
The European Union Agency for Cybersecurity (ENISA) published a map of national coordinated vulnerability disclosure (CVD) policies in the EU Member States and made some recommendations.
Funds managed by the private equity business within Goldman Sachs' asset management arm on Tuesday invested $125M in Fortress Information Security, a supply chain cybersecurity provider.
The participants are deployed to assist a fictional country in handling a large-scale cyberattack. More than 2,000 people from 32 nations, including Ukraine, are expected to be involved.
Lenovo has patched a trio of bugs that could be abused to perform UEFI attacks. The impacted product list includes IdeaPads, Legion gaming devices, and both Flex and Yoga laptops.
The second most mimicked brand is German package delivery DHL, which previously was at the top of the list. A contributing factor for this was the increased shopping during the holiday season.
Online fraud prevention startup SEON today announced that it has closed a $94 million Series B funding round that brings the total investment in the company to $107 million.
The Conti ransomware group attacked and forced the shutdown of the European wind turbine manufacturing giant Nordex. The attack was first discovered on March 31.
Attacks that exploit QR codes are known as ‘Qshing’ (QR code phishing). In January 2022, the U.S. Federal Bureau of Investigation (FBI) warned QR code users about tampering and cited increased reports of stolen credentials and monetary loss.
Last year, more than $3 billion worth of digital assets were stolen. In Q1 2022, over $1.3 billion has already been stolen, indicating that the path taken by cybercriminals is even more aggressive this year.
SolarMarker operators were observed using signed files, obfuscated PowerShell scripts, large files, and impersonation of legitimate software installers to stay undetected.
In 2021, approximately 20,000 people fell victim to RAT scams, as per a report by the U.K.'s Action Fraud. Collectively, they lost $75 million. The U.S. lost around $2.4 billion to BEC scams in 2021, a 33% increase from 2020.
The targeted intrusions are a part of hostile activities against the nation since the year started. As per CERT-UA, the country has suffered 362 cyberattacks since the invasion.
"We confirm that in 2020 and 2021 we observed and notified the government of the United Kingdom of multiple suspected instances of Pegasus spyware infections within official UK networks," Citizen Lab said in a blog post.
Google hasn't revealed any details about it besides that it was a type confusion in Chrome's V8 JavaScript engine. "Google is aware that an exploit for CVE-2022-1364 exists in the wild," the company says.
Night Sky was discovered to be a fork of a ransomware family called Rook, which was itself derived from the leaked source code of Babuk and deployed by the same threat actor that used LockFile and AtomSilo, which share the same decryption tool.
According to recently revealed information, Conti has launched more than 200 attacks against hospitals and other healthcare facilities since first surfacing in 2018 under its earlier name, “Ryuk.”
London Stock Exchange-listed WH Smith issued a statement to the market admitting Funky Pigeon was "subject to a cyber security incident affecting part of its systems on Thursday 14 April 2022."
According to a release from international law firm RPC, the financial information belonging to approximately 42.2 million people in the U.K. was surrendered due to a growing number of ransomware attacks.
Last week Microsoft, ESET, Black Lotus Labs, Palo Alto Networks, Health-ISAC, and the Financial Services-ISAC, took control over the notorious ZLoader botnet, after an injunction issued by the U.S. Court for the Northern District of Georgia.
BlueZ suffers from a vulnerability where a malicious USB device can steal Bluetooth link keys over HCI using a fake BD_ADDR. It was also discovered that bluetoothd suffers from a double-free memory corruption flaw.
Responsive Online Blog version 1.0 remote blind boolean-based SQL injection exploit that retrieves usernames and md5 hashes for all site users. Original discovery of the vulnerability is attributed to Eren Simsek.
This is a research paper titled Goodbye Tracking? Impact Of iOS App Tracking Transparency And Privacy Labels. It analyzes 1,759 iOS apps before and after the changes in iOS 14.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA), along with the Federal Bureau of Investigation (FBI) and the Treasury Department, warned of a new set of ongoing cyber attacks carried out by the Lazarus Group targeting blockchain companies. Calling the activity cluster TraderTraitor, the infiltrations involve the North Korean state-sponsored advanced persistent threat (APT)
GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. "Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the affected OAuth applications," the
Three high-impact Unified Extensible Firmware Interface (UEFI) security vulnerabilities have been discovered impacting various Lenovo consumer laptop models, enabling malicious actors to deploy and execute firmware implants on the affected devices. Tracked as CVE-2021-3970, CVE-2021-3971, and CVE-2021-3972, the latter two "affect firmware drivers originally meant to be used only during the
A previously unknown zero-click exploit in Apple's iMessage was used to install mercenary spyware from NSO Group and Candiru against at least 65 individuals as part of a "multi-year clandestine operation." "Victims included Members of the European Parliament, Catalan Presidents, legislators, jurists, and members of civil society organizations," the University of Toronto's Citizen Lab said in a
Online greeting cards business Funky Pigeon was forced to close its doors temporarily last week after a "cybersecurity incident." Visitors to the company's website were still being greeted as recently as Monday with a message saying that it could not accept new orders.
Graham Cluley Security News is sponsored this week by the folks at Indusface. Thanks to the great team there for their support! With APIs having grown into a dominant mechanism of the modern web, protecting web applications and APIs becomes the default requirement of AppSec. This calls for a unified risk-based mitigation solution. Indusface WAAP, a … Continue reading "For cutting-edge web application and API protection – Trust Indusface WAAP"